<?php

// Refuse direct access: the framework bootstrap defines IN_HOUSE5 before loading controllers.
if (!defined('IN_HOUSE5')) {
    exit('No permission resources.');
}
// Model cache directory for this controller; CACHE_PATH comes from the framework bootstrap.
define('CACHE_MODEL_PATH', CACHE_PATH . 'caches_model' . DIRECTORY_SEPARATOR . 'caches_data' . DIRECTORY_SEPARATOR);
class down {
private $db;
/**
 * Loads the content model that init() queries for the attachment row.
 */
public function __construct() {
    $this->db = h5_base::load_model('content_model');
}
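/**
 * Renders the download page for one attachment of a content item.
 *
 * Expects $_GET['a_k']: a query string signed with the site auth key via
 * sys_auth(), carrying i (content id), m (mode flag), f (file url or path),
 * modelid, catid and optionally d and s. The decoded fields are kept as
 * local variables of the same names because the included template reads
 * them from this scope.
 *
 * Ends the request through showmessage() when the token is missing or
 * invalid, when the group or category privilege check fails, or when the
 * file name carries a script extension, a Windows drive prefix or '..'.
 */
public function init() {
    $a_k = isset($_GET['a_k']) ? trim($_GET['a_k']) : '';
    // The former isset($a_k) test could never fail after the assignment; reject an empty token instead.
    if ($a_k === '') showmessage(L('illegal_parameters'));
    $a_k = sys_auth($a_k, 'DECODE', h5_base::load_config('system', 'auth_key'));
    if (empty($a_k)) showmessage(L('illegal_parameters'));
    // Decode into an array instead of the local scope: the one-argument parse_str()
    // form was removed in PHP 8 and let the token overwrite any local variable.
    $params = array();
    parse_str($a_k, $params);
    if (!isset($params['i']) || !isset($params['m'])) showmessage(L('illegal_parameters'));
    if (!isset($params['modelid']) || !isset($params['catid'])) showmessage(L('illegal_parameters'));
    if (empty($params['f'])) showmessage(L('url_invalid'));
    $i = $id = intval($params['i']);
    $m = $params['m'];
    $f = $params['f'];
    $modelid = $params['modelid'];
    $catid = $params['catid'];
    // d and s are optional and passed through to download(); default to '' so the
    // token always carries them (download() treats an empty d as 0).
    $d = isset($params['d']) ? $params['d'] : '';
    $s = isset($params['s']) ? $params['s'] : '';
    $allow_visitor = 1;
    $MODEL = getcache('model', 'commons');
    // Attachment rows live in <tablepre><model table>_data, keyed by the content id.
    $tablename = $this->db->table_name = $this->db->db_tablepre . $MODEL[$modelid]['tablename'];
    $this->db->table_name = $tablename . '_data';
    $rs = $this->db->get_one(array('id' => $id));
    $siteids = getcache('category_content', 'commons');
    $siteid = $siteids[$catid];
    $CATEGORYS = getcache('category_content_' . $siteid, 'commons');
    $this->category = $CATEGORYS[$catid];
    $this->category_setting = string2array($this->category['setting']);
    // A per-item group restriction takes precedence over the category "visit" privilege.
    $groupids_view = '';
    if (!empty($rs['groupids_view'])) $groupids_view = explode(',', $rs['groupids_view']);
    if ($groupids_view && is_array($groupids_view)) {
        $_groupid = intval(param::get_cookie('_groupid'));
        if (!$_groupid) {
            $forward = urlencode(get_url());
            showmessage(L('login_website'), APP_PATH . 'index.php?s=member/index/login&forward=' . $forward);
        }
        // Compare as integers so the membership test can be strict.
        if (!in_array($_groupid, array_map('intval', $groupids_view), true)) showmessage(L('no_priv'));
    } else {
        $_priv_data = $this->_category_priv($catid);
        if ($_priv_data === '-1') {
            $forward = urlencode(get_url());
            showmessage(L('login_website'), APP_PATH . 'index.php?s=member/index/login&forward=' . $forward);
        } elseif ($_priv_data === '-2') {
            showmessage(L('no_priv'));
        }
    }
    // Charged downloads: the item's own read point overrides the category default.
    $paytype = isset($rs['paytype']) ? $rs['paytype'] : '';
    $readpoint = isset($rs['readpoint']) ? $rs['readpoint'] : 0;
    $defaultchargepoint = isset($this->category_setting['defaultchargepoint']) ? $this->category_setting['defaultchargepoint'] : 0;
    if ($readpoint || $defaultchargepoint) {
        if (!$readpoint) {
            $readpoint = $defaultchargepoint;
            $paytype = isset($this->category_setting['paytype']) ? $this->category_setting['paytype'] : '';
        }
        // Paid within the repeat-charge window: allow. Otherwise hand the template a
        // signed "flag|readpoint|paytype" string plus the return url for the pay flow.
        if ($this->_check_payment($catid . '_' . $id, $paytype, $catid)) {
            $allow_visitor = 1;
        } else {
            $http_referer = urlencode(get_url());
            $allow_visitor = sys_auth($catid . '_' . $id . '|' . $readpoint . '|' . $paytype) . '&http_referer=' . $http_referer;
        }
    }
    // Reject server-side script extensions, Windows drive prefixes and parent-directory segments.
    if (preg_match('/(php|phtml|php3|php4|jsp|dll|asp|cer|asa|shtml|shtm|aspx|asax|cgi|fcgi|pl)(\.|$)/i', $f)
        || strpos($f, ":\\") !== false || strpos($f, '..') !== false) {
        showmessage(L('url_error'));
    }
    if (strpos($f, 'http://') !== false || strpos($f, 'ftp://') !== false || strpos($f, '://') === false) {
        // Local files and plain http/ftp links go through download(), which re-checks the
        // token against the user agent (part of the key), the client IP and a one-hour window.
        $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        $h5_auth_key = md5(h5_base::load_config('system', 'auth_key') . $user_agent);
        // download() reads the mode flag under "m". The former hand-built string wrote it
        // under a second "s" key, so parse_str() overwrote the prefix and left "m" unset.
        // http_build_query() also encodes '&' and '=' inside f instead of splitting on them.
        $token = http_build_query(array(
            'i' => $i,
            'd' => $d,
            's' => $s,
            't' => SYS_TIME,
            'ip' => ip(),
            'm' => $m,
            'f' => $f,
            'modelid' => $modelid,
        ));
        $a_k = urlencode(sys_auth($token, 'ENCODE', $h5_auth_key));
        $downurl = '?s=content/down/download&a_k=' . $a_k;
    } else {
        $downurl = $f;
    }
    include template('content', 'download');
}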
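/**
 * Redirects to, or streams, the file that init() signed into $_GET['a_k'].
 *
 * The token key is the site auth key salted with the user agent; the token
 * itself carries i (content id), d (0 = redirect, otherwise stream through
 * file_down()), s (url prefix applied when m is truthy), m, t (issue time),
 * ip (client address at issue) , f (file url or path) and modelid. It is
 * rejected when the IP differs from the current client or when it is older
 * than one hour. Ends the request through showmessage() on any failed check.
 */
public function download() {
    $a_k = isset($_GET['a_k']) ? trim($_GET['a_k']) : '';
    if ($a_k === '') showmessage(L('illegal_parameters'));
    // Same key derivation as init(): site auth key salted with the user agent.
    $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $h5_auth_key = md5(h5_base::load_config('system', 'auth_key') . $user_agent);
    $a_k = sys_auth($a_k, 'DECODE', $h5_auth_key);
    if (empty($a_k)) showmessage(L('illegal_parameters'));
    // Decode into an array: the one-argument parse_str() form was removed in PHP 8
    // and let the token overwrite any local variable.
    $params = array();
    parse_str($a_k, $params);
    foreach (array('i', 'm', 'modelid', 't', 'ip') as $required) {
        if (!isset($params[$required])) showmessage(L('illegal_parameters'));
    }
    if (empty($params['f'])) showmessage(L('url_invalid'));
    $downid = intval($params['i']);
    $m = $params['m'];
    $d = isset($params['d']) ? $params['d'] : '';
    $s = isset($params['s']) ? $params['s'] : '';
    $ip = $params['ip'];
    $f = $params['f'];
    if (!$downid || intval($m) < 0) showmessage(L('illegal_parameters'));
    $starttime = intval($params['t']);
    // Reject server-side script extensions, Windows drive prefixes and parent-directory segments.
    if (preg_match('/(php|phtml|php3|php4|jsp|dll|asp|cer|asa|shtml|shtm|aspx|asax|cgi|fcgi|pl)(\.|$)/i', $f)
        || strpos($f, ":\\") !== false || strpos($f, '..') !== false) {
        showmessage(L('url_error'));
    }
    $fileurl = trim($f);
    // The issue time must be exactly ten digits (anchored, so an over-long value cannot
    // produce a negative age below) and the token's IPv4 address must be the requester's.
    if (!$downid || $fileurl === ''
        || !preg_match('/^[0-9]{10}$/', (string) $starttime)
        || !preg_match('/^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$/', $ip)
        || $ip !== ip()) {
        showmessage(L('illegal_parameters'));
    }
    // Tokens expire one hour after they were issued.
    if (SYS_TIME - $starttime > 3600) showmessage(L('url_invalid'));
    if ($m) $fileurl = trim($s) . trim($fileurl);
    $upload_url = h5_base::load_config('system', 'upload_url');
    if (strpos($fileurl, ':/') !== false && strpos($fileurl, $upload_url) === false) {
        // Absolute url outside the upload host: nothing local to stream, redirect.
        header('Location: ' . $fileurl);
    } elseif (intval($d) === 0) {
        // intval() makes an absent/empty d behave as 0 on every PHP version ('' == 0 differs in PHP 8).
        header('Location: ' . $fileurl);
    } else {
        // Map the public upload url onto the local upload path and stream the file.
        $fileurl = str_replace(
            array($upload_url, '/'),
            array(h5_base::load_config('system', 'upload_path'), DIRECTORY_SEPARATOR),
            $fileurl
        );
        $filename = basename($fileurl);
        // basename() is not safe on GBK double-byte names; urlencode() first so the
        // separator handling is byte-safe, then decode the last segment.
        if (preg_match("/^([\s\S]*?)([\x81-\xfe][\x40-\xfe])([\s\S]*?)/", $fileurl)) {
            $filename = str_replace(array('%5C', '%2F', '%3A'), array("\\", '/', ':'), urlencode($fileurl));
            $filename = urldecode(basename($filename));
        }
        $ext = fileext($filename);
        // Serve under a generated name so the on-disk name is not exposed to the client.
        $filename = date('Ymd_his') . random(3) . '.' . $ext;
        file_down($fileurl, $filename);
    }
}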
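/**
 * Reports whether the current member already paid for $flag recently enough
 * to download again without a new charge.
 *
 * @param string $flag    Payment flag, "<catid>_<id>" as built by init().
 * @param mixed  $paytype Not used here; kept for the caller's signature.
 * @param mixed  $catid   Category whose setting supplies repeatchargedays.
 * @return bool true only when a spend record for $flag exists inside the
 *              repeat-charge window; false for guests, a window of zero days,
 *              or when no record is found.
 */
private function _check_payment($flag, $paytype, $catid) {
    $_userid = param::get_cookie('_userid');
    // Refresh the category setting from cache (init() does the same; repeated here so
    // the method does not depend on the caller having done it).
    $siteids = getcache('category_content', 'commons');
    $siteid = $siteids[$catid];
    $CATEGORYS = getcache('category_content_' . $siteid, 'commons');
    $this->category = $CATEGORYS[$catid];
    $this->category_setting = string2array($this->category['setting']);
    if (!$_userid) return false;
    h5_base::load_app_class('spend', 'pay', 0);
    $setting = $this->category_setting;
    $repeatchargedays = isset($setting['repeatchargedays']) ? intval($setting['repeatchargedays']) : 0;
    if (!$repeatchargedays) return false;
    // Look for a spend record for this flag since the start of the window.
    $fromtime = SYS_TIME - 86400 * $repeatchargedays;
    $record = spend::spend_time($_userid, $fromtime, $flag);
    // spend_time() may return false/empty when nothing matched; do not index it blindly.
    return !empty($record['id']);
}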
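/**
 * Checks the category-level "visit" privilege for the current member group.
 *
 * Guests (no _groupid cookie) are treated as group 8. When privilege rows
 * exist for the category and none of them names the group, '-1' is returned
 * so the caller can send the visitor to the login page.
 *
 * @param mixed $catid Category id; non-numeric or zero yields '-2'.
 * @return string '1' allowed, '-1' login required, '-2' invalid category
 */
private function _category_priv($catid) {
    $catid = intval($catid);
    if (!$catid) return '-2';
    $_groupid = intval(param::get_cookie('_groupid'));
    // Guest group id used when no member group cookie is present.
    if ($_groupid === 0) $_groupid = 8;
    $this->category_priv_db = h5_base::load_model('category_priv_model');
    $rows = $this->category_priv_db->select(array('catid' => $catid, 'is_admin' => 0, 'action' => 'visit'));
    // No privilege rows at all means the category is unrestricted.
    if (!$rows) return '1';
    // (A former "if (!$_groupid) return '-1'" here was unreachable because of the guest fallback above.)
    foreach ($rows as $row) {
        if (intval($row['roleid']) === $_groupid) return '1';
    }
    return '-1';
}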

?>